Excellent Conficker Analysis (All Currently Known Variants)

03/31/09

As everyone is well aware, conficker worm variants have been exploiting MS-08-067 since November 2008 (possibly earlier). Conficker continues to spread depite the fact that a patch has been out for this vulnerability since October of 2008. The latest "C" variant of Conficker is well written and includes protection against many security products and analysis tools. The following links contain useful information on the analysis and remediation of conficker worm variants.

It is also worth noting that the CSA 6.0 Dynamic Signature Generation feature protects and distributes RPC signatures dynamically based upon locally quarantined payloads. CSA Dynamic Signatures, in addition to built-in buffer overflow protection, should prevent conficker infections on CSA hosts running Cisco default rules in protect mode. We hope to have a detailed write-up on Dynamic Signature Generation and Conficker in the coming days.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.